
AMENDMENTS TO THE CLAIMS: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

Listing of Claims: 

Claim 1. (Currently Amended) A method for authorizing a user on a computer 
network of identity vectoring using chained mapping records, the method including: 

comparing a distinguished name or a partial distinguished name corresponding to 
the user with a plurality of mapping records; 

replacing a variable from a first matching mapping record with an environmental 
factor to create a first search criteria, the first matching mapping record indicating the 
distinguished name or the partial distinguished name, wherein the environmental factor 
includes one or more system or application statuses in effect at the time the user signs-on 
the computer network, thereby allowing the first matching mapping record to point to 
multiple user identifications; and 

comparing the first search criteria with the plurality of mapping records; and 

generating an authorization indicator responsive to at least one of comparing the 
distinguished name or a partial distinguished name and comparing the first search criteria 
with the plurality of mapping records. 

Claim 2. (Currently Amended) The method of claim 1, further including: 
wherein the generating an authorization indicator includes generating a security 
context control block using a user identification from a second matching mapping record, 
the second matching mapping record indicating the first search criteria. 

Claim 3. (Currently Amended) The method of claim 1, further including: 
replacing a variable from a second matching mapping record with thean 
environmental factor to create a second search criteria, the second matching mapping 
record indicating the first search criteria. 

Claim 4. (Currently Amended) The method of claim 3, further including: 
wherein the generating an authorization indicator includes generating a security 
context control block using a user identification from a third matching mapping record, the 
third matching mapping record indicating the second search criteria. 

Claim 5. (Original) The method of claim 1, further including: 
eliminating a portion of an X.500 distinguished name to create the partial 
distinguished name used in said comparing the partial distinguished name with the plurality 
of mapping records. 

Claim 6. (Currently Amended) The method of claim 1, further including: 
wherein the generating an authorization indicator includes generating a security 
context control block using a user identification from the first matching mapping record if 
the first matching mapping record includes the user identification. 

Claim 7. (Currently Amended) The method of claim 1, further including: wherein 
comparing the distinguished name or the partial distinguished name corresponding to the 
user with a plurality of mapping records includes comparing providing an X.500 
distinguished name of the user for use as the distinguished name used in said comparing the 
distinguished name with the plurality of mapping records. 

Claim 8. (Currently Amended) The method of claim 1, further including: wherein 
the environmental factor includes providing a system status existing at the time the user 
signs-on the computer network and replacing a variable includes replacing the variable 
from the first matching mapping record with the system status, for use as the 
environmental factor for said replacing the variable. 

Claim 9. (Currently Amended) A system for authorizing a user on a computer 
network identity mapping using chained mapping records, the system including: 

a digital certificate means for receiving including a distinguished name 
corresponding to the user; 

a distinguished name mapping record indicative of at least a portion of said 
distinguished name, said distinguished name mapping record including a first data field, 
said first data field including a first variable indicative of a first environmental factor, 
wherein the first environmental factor includes one or more system or application statuses 
in effect at the time said digital certificate is received, thereby allowing said first matching 
mapping record to point to multiple user identities; 

a first criteria mapping record corresponding to a first state of said first 
environmental factor, said first criteria mapping record including a second data field, said 
second data field including a first user identity; and 

a mapping process configured to receive said digital certificate, wherein said 
mapping process generates a security context control block using said first user identity in 
response to said first state of said first environmental factor. 

Claim 10. (Original) The system of claim 9, further including: 
a second criteria mapping record corresponding to a second state of said first 
environmental factor, said second criteria mapping record including a third data field, said 
third data field including a second user identity; and 

wherein said mapping process is further configured to generate a security context 
control block using said second user identity in response to said second state of said first 
environmental factor. 

Claim 11. (Original) The system of claim 9, further including: 
a second criteria mapping record corresponding to a second state of said first 
environmental factor, said second criteria mapping record including a third data field, said 
third data field including a second variable indicative of a second environmental factor; 

a third criteria mapping record corresponding to said second environmental factor, 
said third criteria mapping record including a fourth data field, said fourth data field 
including a second user identity; and 

wherein said mapping process is further configured to generate a security context 
control block using said second user identity in response to said second state of said first 
environmental factor and said third environmental factor. 

Claim 12. (Original) The system of claim 9, wherein said distinguished name is an 
X.500 distinguished name. 

Claim 13. (Original) The system of claim 10, wherein said first user identity 
represents a first level of network authorization, and said second user identity represents a 
second level of network authorization. 

Claim 14. (Original) The system of claim 9, wherein said first environmental 
factor is a network status at the time said digital certificate is received by said mapping 
process. 

Claim 15. (Original) The system of claim 9, wherein said first environmental 
factor is an application status at the time said digital certificate is received by said mapping 
process. 

Claim 16. (Original) The system of claim 9, wherein said first environmental 
factor is included in said digital certificate. 

Claim 17. (Currently Amended) A storage medium encoded with machine- 
readable computer program code for authorizing a user on a computer network using 
chained mapping records mapping namespace identities to digital certificates, the storage 
medium including instructions for causing a computer to implement a method comprising: 

comparing a distinguished name or a partial distinguished name corresponding to 
the user with a plurality of mapping records; 

replacing a variable from a first matching mapping record with an environmental 
factor to create a first search criteria, the first matching mapping record indicating the 
distinguished name or the partial distinguished name, wherein the environmental factor 
includes one or more system or application statuses in effect at the time the user signs-on 
on the computer network, thereby allowing the first matching mapping record to point to 
multiple user identifications; 

comparing the first search criteria with the plurality of mapping records; and 

generating an authorization indicator responsive to at least one of comparing the 
distinguished name or a partial distinguished name and comparing the first search criteria 
with the plurality of mapping records. 

Claim 18. (Currently Amended) The storage medium of claim 17, further 
comprising instructions for causing a computer to implement: wherein the generating an 
authorization indicator includes 

generating a security context control block using a user identification from a second 
matching mapping record, the second matching mapping record indicating the first search 
criteria. 

Claim 19. (Currently Amended) The storage medium of claim 17, further 
comprising instructions for causing a computer to implement: 

replacing a variable from a second matching mapping record with thean 
environmental factor to create a second search criteria, the second matching mapping 
record indicating the first search criteria. 

Claim 20. (Currently Amended) The storage medium of claim 19, further 
comprising instructions for causing a computer to implement: 

wherein the generating an authorization indicator includes generating a security 
context control block using a user identification from a third matching mapping record, the 
third matching mapping record indicating the second search criteria. 

Claim 21. (Original) The storage medium of claim 17 further comprising 
instructions for causing a computer to implement: 

eliminating a portion of an X.500 distinguished name to create the partial 
distinguished name used in said comparing the partial distinguished name with the plurality 
of mapping records. 

Claim 22. (Currently Amended) The storage medium of claim 17 further 
comprising instructions for causing a computer to implement: 

wherein the generating an authorization indicator includes generating a security 
context control block using a user identification from the first matching mapping record if 
the first matching mapping record includes the user identification. 

Claim 23. (Currently Amended) The storage medium of claim 17, further 
comprising instructions for causing a computer to implement: wherein comparing the 
distinguished name or the partial distinguished name corresponding to the user with a 
plurality of mapping records includes comparing 

providing an X.500 distinguished name for use as the distinguished name used in 
said comparing the distinguished name of the user with the plurality of mapping records. 

Claim 24. (Currently Amended) The storage medium of claim 17, further 
comprising instructions for causing a computer to implement: wherein the environmental 
factor includes a system status existing at the time the user signs-on the computer network 
and replacing a variable includes replacing the variable from the first matching mapping 
record with the system status. 

providing a system status for use as the environmental factor for said replacing the 
variable. 
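
The chained lookup recited in claims 1 to 8, sketched in Python as an added illustration that is not part of the filing or of any product. The record layout, the `&NAME` variable syntax, the comma-separated DN form and every sample record are assumptions constructed for the example; lookups that do not resolve are denied.

```python
import re

VAR = re.compile(r"&([A-Z]+)")   # hypothetical variable syntax, e.g. &APPSTATUS
MAX_CHAIN = 4                    # bound on chained lookups so a record loop cannot spin

# Constructed mapping records (key -> value). A value holding a variable is
# search-criteria text for the next lookup; any other value is a user ID.
RECORDS = {
    "CN=Root Admin,OU=Ops,O=Example,C=US": "OPSADM",   # full DN, direct user ID
    "OU=Payroll,O=Example,C=US": "PAY.&APPSTATUS",     # partial DN with a variable
    "PAY.TEST": "TESTPAY",
    "PAY.PROD": "&SYSSTATUS.PAYUSER",                  # chained second variable
    "NORMAL.PAYUSER": "PAYFULL",
    "DEGRADED.PAYUSER": "PAYRO",
}

def dn_candidates(dn):
    """Full DN first, then partial DNs made by dropping leading RDNs.
    Naive comma split: escaped commas inside an RDN are not handled."""
    rdns = [part.strip() for part in dn.split(",")]
    return [",".join(rdns[i:]) for i in range(len(rdns))]

def authorize(dn, env, records=RECORDS):
    """Return (user_id or None, list of record keys matched along the chain)."""
    trail = []
    key = next((c for c in dn_candidates(dn) if c in records), None)
    for _ in range(MAX_CHAIN):
        if key not in records:
            return None, trail            # no matching record: deny
        trail.append(key)
        value = records[key]
        if not VAR.search(value):
            return value, trail           # record names the user ID
        try:
            # Replace each variable with the status in effect at sign-on.
            key = VAR.sub(lambda m: env[m.group(1)], value)
        except KeyError:
            return None, trail            # unknown environmental factor: deny
    return None, trail                    # chain longer than MAX_CHAIN: deny

if __name__ == "__main__":
    alice = "CN=Alice,OU=Payroll,O=Example,C=US"
    for env in ({"APPSTATUS": "PROD", "SYSSTATUS": "NORMAL"},
                {"APPSTATUS": "PROD", "SYSSTATUS": "DEGRADED"},
                {"APPSTATUS": "TEST"}):
        print(env, "->", authorize(alice, env))
```

The same certificate resolves to different user IDs as the statuses change, so the returned trail of matched records is what an audit log would need to explain why a given identity was assigned.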